A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS.
3) 0 Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
DETAILED ACTION



1. This action is responding to application papers filed on 3-8-2004.

2. Claims 1 - 28 are pending. Claims 1, 13, 22 are independent.



Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102(e) 
that form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by 
the applicant for patent, except that an international application filed under the treaty defined in 
section 351 (a) shall have the effects for purposes of this subsection of an application filed in the 
United States only if the international application designated the United States and was published 
under Article 21(2) of such treaty in the English language. 



4. Claims 1 - 5, 7 - 15, 17 - 24, 26 - 28 are rejected under 35 U.S.C. 102(e) as
being anticipated by Cheline et al. (US PGPUB No. 20030041136).



Regarding Claims 1, 22, Cheline discloses a method for reducing the vulnerability of 
an enterprise network to a malicious code attack from a virtual private network (VPN) 
capable end system, comprising: 

a) denying network access to a VPN capable end system before a user on the end
system becomes authenticated; (see Cheline paragraph [0043], lines 1-8;
paragraph [0069], lines 4-11: access only after user authentication)

b) permitting network access by the end system solely on at least one VPN
connection to an enterprise network once the user on the end system becomes
authenticated; (see Cheline paragraph [0049], lines 8-14; paragraph [0071], lines
1-3: access only after user authentication) and

c) permitting write access to the end system solely to at least one temporary
memory while the VPN connection is active, (see Cheline paragraph [0049], lines
11-14: transfer of information between systems)

Regarding Claim 2, Cheline discloses the method of claim 1, wherein the recited steps 
are performed on the end system, (see Cheline paragraph [0043], lines 1-8; paragraph 
[0069], lines 4-11; paragraph [0049], lines 8-14; paragraph [0071], lines 1-3; paragraph 
[0049], lines 11-14: VPN setup, users authenticated, data access enabled)

Regarding Claims 3, 14, 23, Cheline discloses the method of claim 1, further 
comprising the step of purging the temporary memory once the VPN connection 
becomes inactive, (see Cheline paragraph [0076], lines 1-5: VPN torn down, tunnel 
disconnected, security information in temporary memory removed) 

Regarding Claims 4, 15, 24, Cheline discloses the method of claim 1, further
comprising the step of authenticating the user, (see Cheline paragraph [0049], lines 8-
14: authenticate user)

Regarding Claim 5, Cheline discloses the method of claim 4, wherein the
authenticating step comprises a two factor user authentication, (see Cheline paragraph 
[0027], lines 8-15: two factor authentication, 1: userid and password, 2: digital 
certificates) 

Regarding Claim 7, Cheline discloses the method of claim 1, wherein the step of
permitting write access comprises directing data writes to a RAM disk on the end
system, (see Cheline paragraph [0071], lines 1-3: VPN access to end system enabled)

Regarding Claims 8, 17, 26, Cheline discloses the method of claim 1, further
comprising the step of logging the user off the end system once the VPN connection 
becomes inactive, (see Cheline paragraph [0076], lines 1-5: logoff, VPN disconnected 
or inactive) 

Regarding Claim 9, Cheline discloses the method of claim 1, further comprising the
step of restarting the end system once the VPN connection becomes inactive, (see 
Cheline paragraph [0076], lines 1-5: relogon, restarting end system) 

Regarding Claims 10, 19, 28, Cheline discloses the method of claim 1, further
comprising the step of shutting down the end system once the VPN connection 
becomes inactive, (see Cheline paragraph [0076], lines 10-14: VPN disconnected, 
tunnel torn down)

Regarding Claim 11, Cheline discloses the method of claim 1, wherein the VPN
connection becomes inactive through an action initiated on the end system, (see 
Cheline paragraph [0076], lines 7-8: logoff, action initiated by user) 

Regarding Claim 12, Cheline discloses the method of claim 1, wherein the VPN
connection becomes inactive through an action initiated external to the end system, 
(see Cheline paragraph [0076], lines 1-5: timeout (i.e. action external to system), VPN 
disconnected (i.e. inactive)) 

Regarding Claims 13, 20, 21, Cheline discloses a virtual private network (VPN) 
capable end system, comprising: 

a) at least one permanent memory; (see Cheline page 11, claim 13: computer- 
readable medium, memory, storage) 

b) at least one temporary memory; (see Cheline paragraph [0058], line 1: temporary
memory) 

c) at least one processor coupled to the permanent memory and the temporary 
memory; (see Cheline paragraph [0047], lines 1-3: processor) and 

d) operating software stored on the permanent memory, the operating software 
having instructions executable by the processor to deny network access to the 
end system before a user on the end system becomes authenticated and, once 
the user on the end system becomes authenticated, to permit network access by
the end system solely on at least one VPN connection to an enterprise network
and permit write access solely to the temporary memory while the VPN
connection is active, (see Cheline paragraph [0047], lines 6-20: operating system 
software, perform functions; page 11, claim 13: computer-readable medium) 

Regarding Claim 18, Cheline discloses the end system of claim 13, wherein the 
operating software has instructions executable by the processor to restart the end 
system once the VPN connection becomes inactive, (see Cheline paragraph [0076], 
lines 1-5: relogon (i.e. restart) end system) 

Claim Rejections - 35 USC § 103

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 6, 16, 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Cheline in view of Nguyen et al. (US PGPUB No. 20030172145). 

Regarding Claims 6, 16, 25, Cheline discloses the method of claim 1, wherein the step 
of permitting network access, (see Cheline paragraph [0071], lines 1-3: enable network 
access, VPN) Cheline does not specifically disclose dropping packets that are not
associated with the VPN connection. However, Nguyen discloses wherein dropping
packets that are not associated with the VPN connection, (see Nguyen paragraph 
[0954], lines 1-7: VPN technology; paragraph [0978], lines 4-7; paragraph [0979], lines 
11-15; paragraph [1087], lines 14-17: invalid packet, not associated with VPN 
connection dropped, unapproved connections dropped) 

It would have been obvious to one of ordinary skill in the art to modify Cheline as 
taught by Nguyen to enable the capability to drop packets that are not associated with 
the VPN connection. One of ordinary skill in the art would have been motivated to
employ the teachings of Nguyen in order to enable the capability to leverage the 
Internet for useful and vital business activities, (see Nguyen paragraph [0029], lines 1- 
8: "... For enterprises and service providers alike, knowing how to leverage the Internet 
for more than mere Web advertising and e-mail access may be vital to remaining 
competitive in today's increasingly Net-driven markets. Successful service providers 
and commercial enterprises may differentiate themselves by the way they use Internet 
technology to rapidly create and deploy new services and implement new business 
models. ...") 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carlton V. Johnson whose telephone number is 571- 
270-1032. The examiner can normally be reached on Monday thru Friday, 8:00 -
5:00PM EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 671-272-1000.

Examiner